[ https://issues.apache.org/jira/browse/ATLAS-5214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Prasad P. Pawar resolved ATLAS-5214.
------------------------------------
Fix Version/s: 3.0.0
2.5.0
Resolution: Fixed
> Atlas UI: Ensure user-controlled values are escaped before rendering
> ----------------------------------------------------------------------
>
> Key: ATLAS-5214
> URL: https://issues.apache.org/jira/browse/ATLAS-5214
> Project: Atlas
> Issue Type: Task
> Components: atlas-webui
> Affects Versions: 3.0.0
> Reporter: Prasad P. Pawar
> Assignee: Prasad P. Pawar
> Priority: Major
> Labels: Atlas-UI
> Fix For: 3.0.0, 2.5.0
>
>
> Review `generateQueryOfFilter` in CommonViewFunction.js to ensure all
> user-controlled values are escaped before rendering in
> `searchResult.html(searchString)`.
> Files:
> - dashboardv2/public/js/utils/CommonViewFunction.js
> - dashboardv2/public/js/views/search/SearchResultLayoutView.js (line 524)
> Current Status:
> - `generateQueryOfFilter` already uses `_.escape()` for obj.id, obj.operator,
> obj.value, value.type, value.tag, value.term, value.query
> - **Action:** Verify coverage in code review; add escape for any remaining
> user-controlled fields
> Verification:
> - [ ] Trace all inputs to generateQueryOfFilter
> - [ ] Confirm all user-controlled values are escaped
> - [ ] Manual test: search with special filter values
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
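Added example, not code from the Atlas project and not the real `generateQueryOfFilter`: a dependency-free illustration of the pattern the ticket describes. A filter object (field names taken from the ticket; the object shape is an assumption) is rendered into an HTML string once without escaping and once with each user-controlled field passed through an escaper. `escapeHtml` reimplements the six-character set that underscore's `_.escape()` handles, so the block runs without underscore; `onlyExpectedTags` is a check that turns the ticket's "search with special filter values" manual test into an assertion on the string that would be handed to `searchResult.html(...)`.

```javascript
// Added example (not Atlas code). escapeHtml mirrors underscore's _.escape():
// it replaces & < > " ' ` so the value is inert when parsed as HTML.
const ESCAPE_MAP = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
};
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"'`]/g, (ch) => ESCAPE_MAP[ch]);
}

// Fields the ticket lists as user-controlled. Hypothetical filter shape.
const USER_FIELDS = ['id', 'operator', 'value', 'type', 'tag', 'term', 'query'];

// "Before": raw values concatenated into markup. Anything with angle brackets
// in a filter value becomes live DOM once jQuery's .html() parses this string.
function renderFilterUnsafe(filter) {
  return `<span class="filter">${filter.id} ${filter.operator} ${filter.value}</span>`;
}

// "After": every user-controlled field is escaped exactly once, at render time,
// from its raw value. Only the fixed wrapper markup is ever unescaped.
function renderFilterEscaped(filter) {
  return USER_FIELDS
    .filter((k) => filter[k] !== undefined)
    .map((k) => `<span class="${k}">${escapeHtml(filter[k])}</span>`)
    .join(' ');
}

// Check usable in a code-review or unit test: every tag in the rendered string
// must be one of our own wrapper spans; any other tag means an input leaked
// through unescaped.
function onlyExpectedTags(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.every((t) => /^<span class="[a-z]+">$/.test(t) || t === '</span>');
}

// Constructed sample input: a filter whose value carries an injection attempt.
const SAMPLE_FILTER = {
  id: 'name',
  operator: '=',
  value: '<img src=x onerror=alert(1)>',
};

function demo() {
  const unsafe = renderFilterUnsafe(SAMPLE_FILTER);
  const safe = renderFilterEscaped(SAMPLE_FILTER);
  return {
    unsafe,
    safe,
    unsafeClean: onlyExpectedTags(unsafe), // false: the <img> survives
    safeClean: onlyExpectedTags(safe),     // true: only wrapper spans remain
  };
}

module.exports = { escapeHtml, renderFilterUnsafe, renderFilterEscaped, onlyExpectedTags, demo, SAMPLE_FILTER };
```

Two caveats when applying this to the real code path. Escape once, from the raw value, at the point where the string is built: running `_.escape()` over a value that was already escaped earlier turns `&amp;` into `&amp;amp;` and corrupts the display, so the review should trace each field back to where it enters the UI and confirm there is exactly one escape. And escaping covers text content and quoted attribute values only; a user value placed into a URL attribute or an inline event handler needs different treatment, so the trace in the ticket's first verification item should note the context each field lands in, not just whether `_.escape()` is called.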